TMCnet FEATURE

TMCNET eNEWSLETTER SIGNUP

Hackers Breach Porn Site, Pilfer Login Data and Credit Card Info

A collection of hackers who call themselves The Consortium have claimed responsibility for infiltrating a pornography website and stealing the personal information of more than 70,000 users.

The group broke into the Digital Playground website at some point last week and pilfered user names, email addresses and passwords from around 73,000 members, plus credit card details, expiration dates and security codes from another 40,000 members.

In a statement obtained by Sophos' security blog, The Consortium said that it hacked into the site "for the love of the game," adding that it will not release the credit card details or use them for profit. Like similar hacks in the last year, it seems that the group's end goal is to embarrass the owner of the site – in this case Luxembourg-based Manwin – for its flawed network security, something the group referred to as "a joke."

"We cannot justify releasing these peoples credit card info, but remember it is DP that allowed this to happen, this could have been a different group," the statement read. "And perhaps they may have done far worse when given this information."

While the group didn't release complete credit card information, it did post email addresses, user names and passwords of users on a list that has been published across various message boards, according to AVN News. The group was quick to point out that it found 82 .gov and .mil email addresses with corresponding plaintext passwords, meaning a number of government and military personnel signed up for the site using their professional email address.

Manwin, which only gained ownership over Digital Playground and its related assets on March 1, has been the victim of three separate cyber attacks in the last two months. Two of its other properties – Brazzers Network and YouPorn – were each hacked earlier this year. Between the two breaches, more than 1.3 million user names and passwords were compromised.

Manwin acknowledged to AVN News that the most recent hack forced the company to shut down Digital Playground and related websites on March 5. The site is back online as of today but Digital Playground has said that it is currently not accepting any new members.

Last week's hack caps off an insane 18-month stretch dominated by corporate-focused cyber crime. Hacktivist groups like Anonymous and Lulzec have taken credit for dozens of high-profile attacks against corporations and governments that have led to multi-million dollar losses for victims. Companies like Sony, who reportedly had inferior network security measures in place, were particularly appealing targets for hackers.

For information on how you can reduce the risk of hackers finding your site and attacking it, check out this free white paper from Verisign entitled “Reducing the Cost and Complexity of Web Vulnerability Management”. The document details how companies can leverage automated vulnerability assessments to identify exploitable weaknesses and take corrective action.